﻿/*********************************************************
 * 开发人员：小兵
 * 创建时间：2012-10-23 10:07:12
 * 描述说明：
 * 
 * 更改历史：
 * 
 * *******************************************************/
namespace Mozlite.WebUI.Mvc4
{
    using System;
    using System.Web;
    using System.Data;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Web.Mvc;
    using System.Web.Security;
    using Mozlite.Components;

    /// <summary>
    /// 权限验证属性。
    /// </summary>
    public class AuthorizeExAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// 初始化权限验证类。
        /// </summary>
        public AuthorizeExAttribute() : this(RoleLevel.Register) { }

        /// <summary>
        /// 初始化权限验证类。
        /// </summary>
        /// <param name="level">角色等级。</param>
        public AuthorizeExAttribute(RoleLevel level)
        {
            this.RoleLevel = level;
        }

        /// <summary>
        /// 获取角色等级。
        /// </summary>
        public RoleLevel RoleLevel { get; private set; }

        /// <summary>
        /// 验证授权。
        /// </summary>
        /// <param name="httpContext">HTTP 上下文，它封装有关单个 HTTP 请求的所有 HTTP 特定的信息。</param>
        /// <returns>如果用户已经过授权，则为 true；否则为 false。</returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if(httpContext == null)
                return false;
            if(httpContext.User.Identity.IsAuthenticated)
            {
                var user = AppContext.Current.User;
                if(user.RoleLevel == Components.RoleLevel.Creator || 
                    (user.IsAllowed(RoleLevel) && base.AuthorizeCore(httpContext)))
                    return true;
            }
            httpContext.Response.StatusCode = 403;
            return false;
        }

        /// <summary>
        /// 重写验证。
        /// </summary>
        /// <param name="filterContext">验证信息上下文。</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
            if(filterContext.HttpContext.Response.StatusCode == 403)
            {
                if(filterContext.HttpContext.User.Identity.IsAuthenticated)
                    filterContext.Result = new RedirectResult(GetAccessDenyUrl(filterContext.GetAreaName()));
                else
                    filterContext.Result = new RedirectResult(GetLoginUrl(filterContext.HttpContext.Request.UrlReferrer, filterContext.GetAreaName()));
            }
        }
        /// <summary>
        /// 禁止访问页面路径。
        /// </summary>
        protected virtual string GetAccessDenyUrl(string areaName)
        {
            return SiteUrls.FormatUrl("AccessError", areaName);
        }
        /// <summary>
        /// 获取登录地址。
        /// </summary>
        /// <param name="returnUrl">登录成功后导向地址。</param>
        /// <returns>返回登录地址。</returns>
        protected virtual string GetLoginUrl(object returnUrl, string areaName)
        {
            if(returnUrl != null && returnUrl.ToString().HasValue())
                returnUrl = "?returnUrl=" + returnUrl;
            return FormsAuthentication.LoginUrl + returnUrl;
        }
    }
}
